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IN THE UNITED STATES PATENT AND TRADEMARK OFFICE GEmtolfwcEmiZR 
In re Application o 1 5 2003 



Charles P. Tresser If ^ 



Serial No.: 09/578,474 Group Art Unit: 3621 

Filed: May 26, 2000 Examiner: Elisca, Pierre Eddy 

For: METHOD AND APPARATUS FOR COMMERCE WITH FULL ANONYMITY 

Honorable Assistant Commissioner of Patents 
Washington, D.C. 20231 

mm ap ATlON vm ** n c*.R. S1.131 

Sir: 

Comes now the Declarant, Charles P. Tresser, and states and avers the following: 

(1) I am the inventor of the subject matter described the above-referenced patent 
application and specifically, I am the inventor of the claimed invention defined by cl aims 1- 

46 of the subject application; 

(2) Prior to February 23, 2000, 1 had completed my invention as described and 
claimed in the subject application in the United States. Specifically, prior to February 23, 
2000, 1 conceived the idea of a system, method and apparatus for conducting business 
electronically between a first party and a second party, such that the identity of the fust party 
is kept from the second party. This is evidenced by the disclosure statement whichj is attached 
hereto as Exhibit A and incorporated by reference herein (note that any dates redded from 
Exhibit A are prior to February 23, 2000). j 

(3) The contents of the disclosure statement in Exhibit A were incorporated into 
the specification of the present invention, upon which claims 1 -46 are based. For example, 
the disclosure includes a discussion of a method of conducting business electronically 
between a first party and a second party (e.g., see Exhibit A at page 4, lines 1-4 and 21-23) 

PAGE4/28* RCVD AT 12/15/2003 8:31:59 PM [Eastern Standard Time]*SVR:USPT0EFXRF-1f2* DNIS:8729306* CSID:703 761 2376 * DU^TION {mm-ss):10-06 



12/15/2003 20:32 703-761-2376 



MCGINN & GIBB.PLLC 



PAGE 



09/578,474 
Y0R.144 



which includes providing an intermediary relationship with a third party who knows an 
identity of the first party but no privacy-compromising information regarding a proposed 
electronic business transaction between the first and second parties (e.g., see Exhibit A at 
page 4, line 1-23; page 7, lines 2-15), and conducting the electronic business transaction 
between the first and second parties through the third party such that the identity of the first 
party is kept from the second party (e.g., see Exhibit A at page 7, lines 11-15), wherein the 
second party is provided with information identifying the first party only as a transactional 
party in the electronic business transaction (e.g., see Exhibit A at page 7, lines 2-1 5), and 
wherein the providing an intermediary relationship by the third party includes replacing an 
identification data about the first party with an identifier whose linkage to the identification 
data is known only to the third party (e.g., see Exhibit A at page 5, line 2-page 6, line 25). 

4) Attached hereto as Exhibits B-H and incorporated by reference herein are 
additional documents which, when combined with the disclosure statement in Exhibit A, 
clearly demonstrate conception of the invention prior to February 23 , 2000, coupled with due 
diligence from just before February 23, 2000 to May 26, 2000 (the filing date of this 
Application). It should be noted that any dates redacted from Exhibits B-H are prior to 
February 23, 2000. 

These Exhibits include the following: 

Exhibit B: letter from Stephen C. Kaufman, Esq. to Sean McGinn, Esq. directing 
Mr. McGinn to prepare the subject Application; 

Exhibit C: letter from Sean McGinn, Esq.. to Stephen C Kaufrnan, Esq including 
a cost estimate for preparing the subject Application; 

F.-vbihit D- facsimile letter from Stephen C. Kaufman, Esq. approving the cost 
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estimate of Sean McGinn, Esq>; 
Exhibit E: e-mail letter from inventor regarding a new address; 
Exhibit F: letter from Sean McGinn 8 Esq. to Charles P, Tresser forwarding a first 

draft of the subject Application; 
Exhibit G: letter fiom Sean McGinn, Esq. to Charles P. Tresser forwarding a final 

draft of the subject Application; and 
Exhibit H: invoice evidencing activity of Sean McGinn, E$q. regarding the subject 

Application. 
Further Declarant sayeth naught 
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I hereby declare that all statements made herein of my own knowledge are true and 
that all statements made on information and belief are believed to be true; and further that 
these statements were made wiA the knowledge that willful false statement, and the like *o 
m ade are punishable by fine or imprisonment, or both, under Section 100! of Title 18 of the 
United States Code and that such willful false statements may jeopardize the validity of the 
application or any patent issued tbereon. 




CHARLES P.TRESSER 



DATE 
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Main Idea 



^^^^^ 
COMMERCE WITH FULL ANONYMITY 

using the invention. 

In the context of regular contact between a commercial organization 
and a customer, where the nature of he transaction heavily depends on some 
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collection of data associated to the customer, such as the precise 
contract, past information, information ahout the transaction being made, 
eto. . . , traditional methods forced the data to be attached to the identity 
of the customer (the word .forced- should be understood as .forced up to 
unbearable duress.: most of the invention presented here could apply without 
modern Information Technology, but the workload would be unbearable). With 
the development of Information Technology, such data were first input in a 
computer system for better handling and processing of the transaction. A 
next stage of development of Information Technology allowed to begin 
m «Wr>Z heavier use of the computer, in particular for data mining, to better 
evaluate the risk associated to each customer, to evaluate the risk of 
portfolios, to perform customer segmentation for different purposes 
(commercial and marketing strategy, pricing, etc.), and other aspects of 
business intelligence and use of advanced analytics. 

Using such method of business intelligence has arguably been a first 
serious blow to customer privacy, just because business intelligence allows 
company to learn more about their customers than what the customers have 
willingly approved. 

Because business intelligence has become so precious, both for marketing 
and related functions, and for customer relationship management purposes, 
some companies have used data about their customers as an asset they would 
sell to other companies, another serious breach to customer privacy. 

While trying to limit privacy violations, and even trying to restore 
fuller privacy than was ever possible before the beginning of modern 
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COMMERCE WITH FUUL ANONYMITY - confinued 

Information Technology, it is desirable to achieve this goal without 
compromising the analytic tools which have allowed better customer 
understanding and hereby better pricing, otherwise, the customer would have to 
pay for the price of reduced commercial efficiency. 

We will present this invention in the very important and particularly 
difficult case of the insurance industry, and more precisely for auto 
insurance and health insurance (which would readily adapt to the simpler case 
of life insurance). The concerns for privacy in business insurance are far 
more limited, and business insurance comes in a variety of categories which 
would need to be properly analyzed for relevant solutions to be offered. 

2. How does the invention solve the problem or achieve an advantage^ description of The invention-, 
including figures inline as appropriate)? 

This invention will be presented in two parts with increasing 
complexity: 

- the first part only concerns tentative registration, prize checking etc.. 
(this part is possibly the stage where the customer expect higher privacy as 
several companies can be contacted before an insurance provider will be 
chosen) , 

1- the second part concers the further relation between the insurance and the 
customer: each part can be used independently of whether the other part is 
used. 

These parts can be used independently of each other, by performing 
trivial modefication to what is presented here. 
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COMMERCE WITH FULL ANONYMITY - continual 

An essential Ingredient of the invention is a Third Party T which will 
serve as intermediary between the customer and the insurance. A customer C 
will establish a relationship with T which will serve for all further 
engagements with insurance companies. 

A Fourth Party F will also be involved which delivers to C a 
portable device P(C) which carries the biometrics of C in such a way that C 
can identify him or herself as the legitimate owner of P(C) without revealing 
his or her identity according to the methods described in Heft . The non 
duplicability and authenticity of P(C) can for instance be guaranteed using 
the methods disclosed in Ref4. The device P(C) delivers a serial number S(C) 
at each transaction, and 8(C) can be read off P(C) only in the presence of 
C. For more privacy, it would be better that P(C) generates numbers 
S(C,n), where n is an integer belonging to a big set {1,2,..., N}. Then, for 
each new insurance and or other partner of C, a new number n is chosen for 
all further transaction between the two parties. In particular, if C quits 
1 for another company and comes bacfc to I, it can change the n associated 
to I. For simplicity, we will omit the use of this number n in the sequel, as 
using it is a trivial amelioration of the overall protocol. 

The insurance I will also chose a large set of verifiers Vj, j=l,2,.-. 
which will be medical practices for health (or life) insurance, and garages 
in the case of automobile insurance. Any verifier will be equipped with the 
apparatus needed to verify portable devices as described above, and will be 
connected to the Internet so that they can send information to T. The 
relation with T can be performed using a privacy protection mechanism, 
involving several other parties to avoid possible collusion, as described 
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COMMERCE WITH FULL ANONYMITY - continued 

for instance in Reft. 

When deciding to register with Insurance I, C sends to T an application 
A. This application can be taken off the www page of I, together with a 
. piece of software SOFT, such as a JAVA applet, which allows to encrypt 
using pul(I) where (Prl(I),pul<I» is the public signature scheme of I. SOFT 
also allows C to compute a public signature scheme (Pr2(I,C),pu2(I,C)). 

The application A has a header H where all identification data about C 
will be written in clear together with S(C) , and a body B where all 
personal or vehicle data of C and pu2(I,C) will be written after 
encryption using pul(I). When receiving the application, T cuts off the 
header an replaces it by a number N(T,C,I) which is sent to I with part B of 
the filled application A. I can then decrypt B and decide on the level of 
risk and the price if the level of risk is acceptable. These decisions D will 
then be communicated to I after encryption using P u2(I,C) together with 
N(T,C,1), and I can then send pu2(I,C)(D) to C. 

If needed, before sending A to I, C will have visited one or more 
verifiers. C identifies him or herself to each VJ it visits using S(C), and ask 
Vj to send S(C) to I, together with relevant data verified by Vj such as: 

- the data relevant to an automobile identified with a tag as described in 
Ref2 for instance, 

- health data associated to C identified by S(C), which number Vj reads off 
P(C). 

This communication to I will be performed by appending to S(C) the 
relevant data encrypted using pul(I) , or some other key system common to 
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COMMERCE WITH FULL ANONYMITY -continued 



all verifiers but possibly distinct from the key system devoted to 
interactions with candidate customers. 

In several cases, and in particular for auto insurance, aspects of the past 
of C, such as driver records, possible convictions, are important elements 
of the risk evaluation. Ether Government agencies such as the DMV accept to 
be equipped as private verifiers, or T will ask services of some special 
verifier(s) whose task will be to serve as intermediaries with the official 
partners and associate data encoded with pul(I) to tags such as SCO, that 
T would then transmit to I. 

The link between T and I can make more secure by using the methods of 
Ref3 or by making it indirect in the following way. T will post all filled 
applications on a dedicated WWW page after cutting off clear 
identification and tagging by a number N(T,C, I) which has redundancies 
allowing I but no other party to recognize this number as a number emitted 
by I. All Insurance Companies can then check for the folders so posted and 
will capture those using their public key. Communication back to I can 
similarly be performed using such a WWW page, or using the methods described 
in Ref3. 

Payments from I to T or vice-versa need to be documented by the 
paying party. This can be done by attaching a tagging number to the 
payment. This tag is communicated to the bank of the paying party, and 
accompany the transaction order to the bank of the payee. The paying bank 
accepts the money transfer in exchange of the tag coded using a private key 
of the payee's bank. Such practices, or more sophisticated ones with at least 
similar virtues are well known and just indicated here for the sake of 
PAG? 1 3/28 * RCVD AT 12115/2003 8:31 :59 PM [Eastern Standard Time] * SVR:USPT0-EFXRF-1/2 * OHiS: 8729306 * CSID:703 761 2376 * DURATION (mm ss): 10-06 



12/15/2003 20:32 703-761-2376 



MCGINN & GIBB, PLLC 



PAGE 14 



COMMERCE WITH FULL ANONYMITY - continued 

completeness . 

Turning now to the case when the relation between C and I has been 
established, so that C is a customer of I, we need to describe how I can deal 
with C despite ignoring who C is- In regular operations, the infrastructure 
described above for first contacts type of interactions allows to get all 
tasks done. When submitting a claim, C will address it to T. possibly after 
consulting with one or more verifiers Vj as needed. After processing the 
cfcim, which is obtained by I from T by the same method the original 
application was obtained, I will send a payment, or request for further 
data, or the declination of the claim, all encrypted using pu2(I,C), to T 
who will then transmit it to C Anybody versed in the art would readily 
understand how this can be done while the nature of what C receives remains 
unknown from T, while I cannot access the identity of C. The only problem 
not covered by what has been disclosed so far is when some refusal by C of 
the way I handles the claim occurs. 

This will be solved in stages, depending on the severity of the refusal. 
In the first stage, which involves reevaluation of data, the anonymity can 
be preserved as identification of individuals is made using S(C) and 
identification of vehicles is based on tag recognition. In the second stage 
where the judicial system needs to be involved, the anonymity is expected to 
be abandoned, except in judicial systems where courts accept to hear 
anonymous cases presented by anonymous parties. In the latter cases, the 
anonymity will be preserved till the end, using S(C) and recourse to T (for 
instance) for the payment. 
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COMMERCE WITH FULL ANONYMITY - continued 

As usual when using keys, it is preferable that keys be changed over 
time. Some businesses such as Equifax, take care of such aspect of 
cryptograpy-heavy transactions as a professional service. 

3. K the same advantage or problem has been identified by others (inside/outside IBM), how have those 
others solved it and does your solution differ and why is it better? 

n/a 

4. If the invention is implemented in a product or prototype, include technical details, purpose, disclosure 
details to others and the date of that implementation. 

n/a 

'Critical Questions ( Questions 1 -7 must be answered) 
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Patent Value Tool (Optional - this may be used by the Inventor and attorney to assist with the evaluat 

CThe Patent Value tool can be used by you or the evaluation team to determine the potential licensing value 
of your invention.) 

The Patent Value Tool has not yet been used to calculate a score. 
Post Disclosure Text & Drawings 

(Form Revised 
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